@Twitter

Monday, March 22, 2010

Biometrics, privacy & technical competency in ID cards

"How quickly will this database go from being strictly to prove employment eligibility to being used by police departments to gather fingerprints while circumventing the warrant process and Fourth Amendment rights of search and seizure?" - Michelle Ngo, EPIC

Where to begin? First, the senators say, “Each card’s unique biometric identifier would be stored only on the card; no government database would house everyone’s information.” But that seems unlikely. What if someone hacked a real card and added their biometric data (fingerprints, eye scans, whatever is chosen by the government) to the card? Their fingerprints would match the fingerprints on the card, so they would be “identified” as the name on the card. There would likely need to be a database to check for accurate credentials.

Altering a biometric digitally by breaking into the system is just one security problem with biometric identification. Individuals could use false identification at enrollment or a biometric could be altered physically.

The senators state that they need “a tamper-proof ID system” to fix the immigration problem. But there is no tamper-proof ID system. You can strengthen ID systems, but they’ll still be forged by people with means and motive. Former Homeland Security Secretary Michael Chertoff said that the fact that REAL ID and other strengthened identification cards can be forged is a security problem:

I certainly have seen intelligence that tells me that sophisticated criminals and sophisticated terrorists spend a great deal of time learning to fabricate and forge even these improved cards. The net effect of this may be that it’s going to be harder for people on campus here to get a drink when they’re under 21, but unfortunately it’s not going to be that much harder for the most sophisticated dangerous people to counterfeit an identity card.

What the senators would be creating is a trusted card that could and would be forged by sophisticated criminals. Even if you allow the senators’ contentions: the tamper-proof card would have the biometric credential only on the card so there would be no national database, we must then look at the cost of this system. There would need to be computer systems set up for the new high-tech cards, strong encryption, special paper, special readers to 7.4 million employers in the United States, training for employers and employees, and other costs, as well. This would cost billions, perhaps trillions.

And how quickly would this employment verification card be expanded to many more uses beyond employment verification? It is to be “a high-tech, fraud-proof Social Security card,” and Social Security data is used for numerous uses today. Your Social Security number is used to open a bank account, credit account or even cellphone account. How soon before these entities say, “I need you to prove your identity by scanning your high-tech biometric Social Security card”?

How quickly will this database go from being strictly to prove employment eligibility to being used by police departments to gather fingerprints while circumventing the warrant process and Fourth Amendment rights of search and seizure? Who else could have access to your fingerprint and iris scans? The United States already has discussed sharing fingerprint and other biometric data of suspects with European countries. It’s a small step to opening up a national employee biometrics database to other countries.

Besides the security problem, there is also a substantial problem for U.S. citizens and others who may legally work in the United States. During the REAL ID national identification card debate, critics of the REAL ID program noted there is the false positive problem. U.S. workers were having problems with an employment eligibility verification system using Social Security and Homeland Security error-filled databases.Several federal (pdf) government evaluations (pdf) noted problems with database checks that lead to initial rejections for individuals who are legally eligible to work in the US, causing significant problems for eligible workers and their employers, who have done nothing wrong.

I must reiterate: This biometric identification system, where you must prove to the government that you are eligible to work, is proposed for all U.S. employees, not just immigrants. It is a terrible proposal that will not solve the immigration problem, but instead create substantial employment problems for U.S. citizens at a time when many need help to find employment, not more barriers against it.